Cyber Criminals Out in Full Force During Covid19

Crisis situations bring out the scammers. We’ve recently seen a considerable increase in ransomware attacks. Phone scams using the pandemic as a fear tactic also seem to be on the rise.

As Covid19 disrupts our lives, we can continue to expect scams from fraudsters using the coronavirus outbreak to play with our emotions and attempt to lure us into clicking on their bait.

For businesses this means you urgently need to remind your teams about cybersecurity and the role they play. Simply put, people are the weakest link – they are curious, make errors in judgement and click on things they shouldn’t. Your best defense is education.

Why Phishing Matters

Phishing is the number one delivery mechanism for ransomware attacks. It is a type of social engineering attack, typically delivered by email, chat, web ad or website that has been designed to impersonate a real system and organization. Phishing messages often use tactics like urgency or fear to trick people into clicking on something they shouldn’t -- with the end goal of capturing sensitive data or delivering a malicious payload.

Pause, Breathe and Ask Questions

We can all take a lesson from Star Trek’s Mr. Spock here: use logic, not emotion. In many cases, the difference between being scammed and not being scammed is the 10 seconds it takes to pause, take a deep breath and ask yourself whether this makes any sense at all. Ask yourself these questions when you receive a message you aren’t sure is legitimate:

Did you expect the email or text?

Did you expect an attachment or link?

When you hover over the "from" address, is it different than what it claims to be?

What’s the sender’s email address and does it match the displayed name?

Are there strange typos, bad grammar or wording that doesn’t make sense?

Does the email try to play with your emotions?

If it’s from a friend or colleague, is it from their usual address? Are they asking for something strange?

Does the message make any sense at all?

Have Doubts? Delete.

Never click on a link if you have doubts. Chances are if it seems phish-y – it is.

If you get a strange email from a co-worker – call, email or text them separately and ask about the message you received to confirm its validity.

If you get a link with no accompanying message – don’t engage.

If anything makes you hesitate – go with your gut and delete.

It’s a good idea to make your team aware of the current cyber threat environment and encourage them to pass along the info to their families. With many people working from home, we are conducting business in a distributed shared environment, often with people who are not cyber aware.

Routine cybersecurity training for ALL staff is vitally important and can help protect everyone from cyber threats – especially in times of crisis when cyber criminals are out in full force. Remember that with education, the weakest link in your security can become your first line of defense to protect your company.